The Federal Communications Commission (FCC) has launched a Notice of Inquiry (NOI) to seek comments on cyber risks to the Border Gateway Protocol (BGP) – the routing protocol for the Internet – in response to increasing cyber threats following Russia’s invasion of Ukraine.
The BGP serves as the postal service of the Internet, finding the best delivery route for data among autonomous systems on the Internet. However, BGP’s initial design doesn’t include explicit security features to ensure the safe delivery of information, allowing an adversary to “deliberately falsify BGP reachability information to redirect traffic,” according to the FCC.
“Russian network operators have been suspected of exploiting BGP’s vulnerability to hijacking in the past,” an FCC press release says. “‘BGP hijacks’ can expose Americans’ personal information, enable theft, extortion, and state-level espionage, and disrupt otherwise-secure transactions.”
The FCC wants to gather comments on vulnerabilities threatening the security and integrity of the BGP. The inquiry would also examine the cyber risks’ impact on the transmission of data through email, e-commerce, bank transactions, interconnected Voice-over Internet Protocol, and 9-1-1 calls.
The FCC noted it has worked with its Federal partners to urge the communications sector to defend against cyber threats, “while also taking measures to reinforce the nation’s readiness and to strengthen the cybersecurity of vital communications services and infrastructure, especially in light of Russia’s actions inside of Ukraine.”
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency also warned U.S. organizations at all levels last week to keep their guard up for potential Russian cyber threats.